110 matches found
CVE-2015-4063
Summary (CVE-2015-4063): WordPress plugin NewStatPress (before 0.9.9) contains a cross-site scripting (XSS) flaw in includes/nsp_search.php. The vulnerability allows remote authenticated users to inject arbitrary script/HTML via the where1 parameter on the nsp_search page (to wp-admin/admin.php)....
CVE-2015-4062
CVE-2015-4062 affects WordPress plugin NewStatPress 0.9.8. The vulnerability is an SQL injection in includes/nsp_search.php that allows a remote authenticated user to execute arbitrary SQL via the where1 parameter on the nsp_search page (wp-admin/admin.php). The issue is demonstrated in multiple ...
WordPress NewStatPress plugin cross-site scripting vulnerability
WordPress is a set of blogging platform developed using the PHP language, support for setting up personal blog sites on PHP and MySQL servers.NewStatPress is a plugin for website access statistics management. A cross-site scripting vulnerability exists in WordPress NewStatPress, which allows remo...
WordPress NewStatPress Plugin 0.9.8 - Multiple Vulnerabilities
NewStatPress plugin is prone to multiple vulnerabilities, such as authenticated SQL injection and authenticated XSS. Solution Update the plugin...
WordPress NewStatPress Plugin SQL Injection Vulnerability
WordPress is a set of blogging platform developed using the PHP language, support for setting up personal blog sites on PHP and MySQL servers.NewStatPress is a plugin for website access statistics management. WordPress NewStatPress suffers from a SQL injection vulnerability that allows remote...
WordPress Plugin NewStatPress 0.9.8 - Multiple Vulnerabilities
WordPress Plugin NewStatPress 0.9.8 - Multiple Vulnerabilities Title: Multiple vulnerabilities in WordPress plugin "NewStatPress" Author: Adrián M. F. - adrimf85atgmaildotcom Date: 2015-05-25 Vendor Homepage: https://wordpress.org/plugins/newstatpress/ Active installs: 20,000+ Vulnerable version:...
WordPress NewStatPress 0.9.8 Cross Site Scripting / SQL Injection Vulnerabilities
WordPress NewStatPress plugin version 0.9.8 suffers from cross site scripting and remote SQL injection vulnerabilities. Title: Multiple vulnerabilities in WordPress plugin "NewStatPress" Author: Adrián M. F. - adrimf85atgmaildotcom Date: 2015-05-25 Vendor Homepage:...
WordPress Plugin Landing Pages Cross-Site Scripting Vulnerability
WordPress is a set of blogging platform developed using the PHP language, support for setting up personal blog sites on PHP and MySQL servers.NewStatPress is a plugin for website access statistics management. A cross-site scripting vulnerability exists in the WordPress plugin Landing Pages. An...
NewStatPress 0.9.8 - XSS & SQL Injection
The NewStatPress WordPress plugin was affected by a XSS & SQL Injection security vulnerability...
WordPress NewStatPress 0.9.8 Cross Site Scripting / SQL Injection
Title: Multiple vulnerabilities in WordPress plugin "NewStatPress" Author: Adrián M. F. - adrimf85atgmaildotcom Date: 2015-05-25 Vendor Homepage: https://wordpress.org/plugins/newstatpress/ Active installs: 20,000+ Vulnerable version: 0.9.8 Fixed version: 0.9.9 CVE: CVE-2015-4062, CVE-2015-4063...